Ransomware attack infects 100,000 PCs in China

Early this December, around 100,000 computers in China were infected with poorly-written ransomware that encrypted user data on the infected computers. The ransomware also included an information-stealing component that harvested login credentials for several Chinese online services. The attacker demanded a ransom of 110 Yuan ($16) in exchange for decrypting the files, payable via WeChat, a social platform that sees ubiquitous use in China.

Aftermath of the attack

On December 4th, Huorong Security, a company that provides anti-virus software and other network security solutions, reported the attack. Huorong found that the malicious code not only locked the computers but also stole the credentials of users who accessed popular online platforms like Tmall, Aliwangwang, Alipay, 163 Mailbox, Baidu Cloud, Jingdong, and QQ. Although the hack affected tens of thousands of users, the infection was limited to devices in China, and the encryption techniques the hacker used were found to be very basic.

Following the initial reports of the hack, WeChat immediately deactivated the QR code the hacker was using to accept ransom payments. As a precautionary measure, authorities have asked the users of several services (including Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall, and Jingdong) to change their passwords.

On December 5th, the authorities tracked down and arrested a 22-year-old man named Luo Moumou, who admitted his role in the attack.

Don't want to make the news for the wrong reasons? Download ManageEngine DataSecurity Plus, a tool that can detect, classify, and secure personal data, and mitigate ransomware attacks.

How can ManageEngine help with such situations?

Investing in a ransomware detection tool will help you detect and respond to ransomware attacks in real time to minimize the impact they have on your organization. ManageEngine offers DataSecurity Plus as an automatic ransomware threat identification and mitigation solution. The tool can perform the following without requiring any manual intervention:

  • Detect ransomware with real-time mass access alerts: Monitor the frequency of file modifications by each user and issue alerts whenever the number of modifications crosses a specified threshold within a specified time. Alerts also indicate the username, source, date, and time of a security breach, as well as other alert parameters that pave the way for further investigation.
  • Quarantine ransomware with a customizable and automated response system: Use a built-in ransomware detection and response mechanism that locks down infected devices to prevent further damage caused by the ransomware spreading to storage devices or network systems. Set up your own automated responses, including the execution of a batch file, to respond to mass access alerts automatically.
  • Offer in-depth details of events for forensic analysis: Generate customizable, audit-ready reports on all file-related changes, access attempts, and share permissions.
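
The mass access alert in the first bullet amounts to a per-user sliding-window count of file modifications. The following is an added example, not DataSecurity Plus code; the event tuple layout, the function name `detect_mass_modification`, and the sample users, hosts, and paths are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_mass_modification(events, threshold, window):
    """Return one alert per burst in which a user makes more than
    `threshold` file modifications within `window` (a timedelta).

    events: iterable of (timestamp, user, source, path), sorted by timestamp.
    """
    recent = defaultdict(deque)   # user -> modification times inside the window
    alerting = set()              # users currently above the threshold
    alerts = []
    for ts, user, source, path in events:
        q = recent[user]
        q.append(ts)
        # Drop modifications that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            if user not in alerting:      # alert once per burst, not once per file
                alerting.add(user)
                alerts.append({"user": user, "source": source,
                               "time": ts, "count": len(q)})
        else:
            alerting.discard(user)        # burst over; a later burst alerts again
    return alerts

def sample_events():
    """Constructed sample data: normal editing plus one rapid rewrite burst."""
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    events = []
    # "alice" edits five documents, one per minute (normal activity).
    for i in range(5):
        events.append((t0 + timedelta(minutes=i), "alice", "WS-01",
                       f"/share/docs/a{i}.docx"))
    # "bob"'s workstation rewrites 40 files in 20 seconds (ransomware-like burst).
    burst = t0 + timedelta(minutes=2)
    for i in range(40):
        events.append((burst + timedelta(milliseconds=500 * i), "bob", "WS-07",
                       f"/share/fin/f{i}.xlsx"))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    found = detect_mass_modification(sample_events(), 20, timedelta(seconds=30))
    for a in found:
        print(f"ALERT user={a['user']} source={a['source']} "
              f"time={a['time']} count={a['count']}")
```

The threshold and window need tuning per environment: legitimate bulk operations such as backups or batch renames produce the same pattern and should be baselined or allow-listed by account.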

To avoid such untoward incidents, it's wise to follow eight best practices to protect your organization. Try out all these features by downloading the free, 30-day trial version of DataSecurity Plus today.


© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.